Security

Hello,

I am looking for documentation on "Clearpass device registration" . I am working with a University who have a requirement that students/staff can authenticate non 802.1x devices (game consoles, chrome casts etc..) onto eduroam. I understand we can set up a self service portal where students can register these devices themselves but struggling to find user guides on it. I have seen the below document referenced on Airheads but the link no longer works.

http://community.arubanetworks.com/t5/Unlisted-1/How-To-Advanced-Device-Registration-in-ClearPass-November-MHC/td-p/217291

thanks in advance

That referenced document was outdated. The basic steps to set up (self) device registration are:

- Allow users to log in to the Guest portal with the Device Registration Operator Profile. See this video how to configure that.

- If needed change or create your own Device Registration Operator Profile. Some useful information here.

- Use the Guest Device Repository as MACAuth authentication source or authorization source of other authentication types.

- If you create an external captive portal redirect for unknown/unregistered devices, the MAC address will be automatically filled, which is useful for devices that have a browser as you can register those from the device itself.

- For other devices, your users can go to https://your.clear.pass/guest (replace your.clear.pass with the hostname of your ClearPass) and register headless devices and manage existing devices.

Does this provide enough guidance?

Hi Herman,

To add on to the original question. Is it possible to change the Guest Role ID depending on an AD profile? Looking to automate the process of placing end-user registered devices on different networks depending on their endpoint attributes.

Ideally, a user would log into the guest portal using AD credentials and get an Operator Profile. When they create a guest device it would get a specific endpoint ID (based on their AD attributes) that my mac-auth could use to choose the network it gets. Would I need a different Operator profile for each AD group or is there a way to simplify that?

More specifically, is there a list of attributes that I could pass to clearpass guest besides just "admin_privileges" that could autofill a form?

P.S. You're a legend. Thanks a ton for the Cleapass Workshop Series. I've learned a ton from it!

Interested in this as well.  Working for a College.  I am struggling to set the CPG mac cached devices expiration.  We are also using Guest Role ID to identify student vs. staff, and I am wondering how I could pass attributes from CPPM to CPG and vice versa.  Thanks all!